Analysis
  max time kernel: 125s
  max time network: 49s
  platform: windows10-2004_x64
  resource: win10v2004-20231201-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231201-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 03/12/2023, 01:45
Behavioral task: behavioral1
  Sample: 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  Resource: win7-20231023-en

Behavioral task: behavioral2
  Sample: 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  Resource: win10v2004-20231201-en
General
  Target: 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  Size: 901KB
  MD5: 5d8924fefdc3af4f7877292e1ec73488
  SHA1: 74b10ac14262bd753c144d8c1a5f6858f536eb08
  SHA256: 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3
  SHA512: bf48e13e1581030eaf7126c2227c095c85e9019baee03bcce92e208aa5b5722ae45a1096ce27226320192d48f8a77e101a4f49e31da3ccf8b410360dfd7b6394
  SSDEEP: 12288:28shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBc:v3s4MROxnF9LqrZlI0AilFEvxHioy
Malware Config

Signatures

Drops desktop.ini file(s) (2 IoCs)
  description                   | ioc                               | Process
  File created                  | C:\Windows\assembly\Desktop.ini   | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  File opened for modification  | C:\Windows\assembly\Desktop.ini   | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe

Drops file in Windows directory (3 IoCs)
  description                   | ioc                               | Process
  File opened for modification  | C:\Windows\assembly               | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  File created                  | C:\Windows\assembly\Desktop.ini   | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  File opened for modification  | C:\Windows\assembly\Desktop.ini   | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                         | pid  | Process                                                               | procid_target
  PID 612 wrote to memory of 3156     | 612  | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe | 88
  PID 612 wrote to memory of 3156     | 612  | 49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe | 88
  PID 3156 wrote to memory of 3720    | 3156 | csc.exe                                                               | 90
  PID 3156 wrote to memory of 3720    | 3156 | csc.exe                                                               | 90
Processes

1. C:\Users\Admin\AppData\Local\Temp\49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe"
   PID: 612
   Signatures: Drops desktop.ini file(s); Drops file in Windows directory; Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      Command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\smqpn4nb.cmdline"
      PID: 3156
      Signatures: Suspicious use of WriteProcessMemory

      3. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
         Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES472C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC472B.tmp"
         PID: 3720
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1KB
  MD5: 0f607b834bf97c26cfdd65a27c34d7db
  SHA1: 4081f1f985a40c743acdc0dadac8f6efb00f008a
  SHA256: 3b8b0fdd694a0bcf9d809761c8e5ed3c91d908918cbf082aa32f937de059ee43
  SHA512: c46d0080f002f768855d5524dae92e0cb7d9f63c5e9df45b65b1a9f27a625d56a7b644b78197290d9f4e70f8892581c6be61fdd9da53137091a9cc03c9cf2a05

Filesize: 76KB
  MD5: 43ca772ec50b60e47fdafbcad80e8178
  SHA1: 6779e3dfce0a69a9f390360e7a055af0faf779f5
  SHA256: 4a5b68f2c20ab5936987d358c37d30f5629fb47cc93e7367da1be09eca3b9099
  SHA512: ce7adfbd9d31731f7adb96052ea9af5d63172a1baa28e9bfdb6e528316ce130f1e0341239fe9144faba3ff04e90a5625ce08c3586f352e93f6cc0eba596a13b2

Filesize: 676B
  MD5: 98b83e5d477de7108d38a0bb6b967f98
  SHA1: a99f96b4d2b0d246ad82b138beae7c3b72268a83
  SHA256: 551427bec4bb717fcd0a335ad721c24497342027c012896c5f1adcde6fa6b2de
  SHA512: c55d7ea75f2c8d06d11f5c7c0089ed1c4c4577226adddcdd6ccee7c8c6fcc53ac5d3c9ad6e7c7c37ebf798b5cf189e3c6ddf949c0937dd9d44d214aa25075175

Filesize: 208KB
  MD5: ba117d63a3bf320357cf8abea2cb56b9
  SHA1: 97d6df9ab0ddde6e876959fe6d0c82bad734b5d3
  SHA256: 0747faa411d2398307705f3d746fab81ec4e7c3245db4f225256f7a93cd77de4
  SHA512: d4057734d9a427dd74eb073c030bb27b9f2545b2323cff4281cdf8453fcb07603af7afc107ed66c307298c05720b3178bedfc6554ebf85567da4563e1994c608

Filesize: 349B
  MD5: 0d7e551e7ac61c0720be05ab98b1922e
  SHA1: 82856a204b0c3cbd8b92606a5cb1d51073f54ed1
  SHA256: 454d586c983fdf48b88eee9eaac5be6428ae4987c4e25535cff25b84e157cabf
  SHA512: f5c1dcd1341c402c931ece3b282905d45006fc1465e9ae4f69e2d288a3d2532a00fbb940d3412920633032e133e31e3e27859a9cabf9f9ca33fc160cac5fe1ef